1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my wordpress site got hacked

Discussion in 'BlackHat Lounge' started by ceniicr7, Mar 2, 2016.

  1. ceniicr7

    ceniicr7 Junior Member

    Joined:
    May 18, 2015
    Messages:
    146
    Likes Received:
    13
    hello i have an good dedicated server and my website has been hacked they edit theme and upload so many files and are doing spam how can i check what are they doing spam and how they uploaded backdoor and shells?
     
  2. PHPInjected

    PHPInjected Elite Member

    Joined:
    Apr 25, 2014
    Messages:
    2,144
    Likes Received:
    1,873
    Occupation:
    100% Unique Content Writer
    Location:
    Overriding Methods
    Home Page:
    Do you have an FTP connection available? If so, use FileZilla and look at all the files that have been updated recently that you haven't touched, and delete them.

    Then, change your listen port. Normally, your SSH is on port 22, I believe. There is more, such as checking your PHP & Apache settings. But this should get you started.
     
  3. loedown

    loedown Jr. VIP Jr. VIP

    Joined:
    Jun 29, 2009
    Messages:
    1,584
    Likes Received:
    496
    Home Page:
  4. ceniicr7

    ceniicr7 Junior Member

    Joined:
    May 18, 2015
    Messages:
    146
    Likes Received:
    13
    yes currently i have access and to root with whm but i want to check ip that have been log in on wordpress and what are they doing spam and how they hacked me
     
  5. PHPInjected

    PHPInjected Elite Member

    Joined:
    Apr 25, 2014
    Messages:
    2,144
    Likes Received:
    1,873
    Occupation:
    100% Unique Content Writer
    Location:
    Overriding Methods
    Home Page:
    You can check that in the backend of WHM or the back end of wordpress for IPs that have accessed your server/site. Follow the link posted above for further troubleshooting.
     
  6. Eternal1912

    Eternal1912 Power Member

    Joined:
    Dec 6, 2014
    Messages:
    621
    Likes Received:
    246
    Gender:
    Male
    Occupation:
    Freelance Writer
    Location:
    Bulgaria
    This can happen if you have used a nulled wordpress theme from BHW, for example.
     
  7. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,400
    Likes Received:
    1,524
    Location:
    Proudly romanian
    Never have a Wp site hacked. Use legit themes and plugins and you'll be fine.
     
  8. ceniicr7

    ceniicr7 Junior Member

    Joined:
    May 18, 2015
    Messages:
    146
    Likes Received:
    13
    theme was from wordpress themes but plugins from gfxfree
     
  9. redarrow

    redarrow Elite Member

    Joined:
    Apr 1, 2013
    Messages:
    4,294
    Likes Received:
    981
    Scrape the lot start agin ...

    this time set hard to guess passwords......

    use the Microsoft password rule.
     
  10. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,400
    Likes Received:
    1,524
    Location:
    Proudly romanian
    You have ur answer.
     
  11. Cherry

    Cherry Supreme Member

    Joined:
    Mar 23, 2014
    Messages:
    1,235
    Likes Received:
    312
    Gender:
    Female
    Location:
    Care-a-lot
    So, it isn't advisable to use those Wordpress themes being given away for free here on BHW?
     
  12. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    1,732
    How do we know if a nulled theme can be hacked?
     
  13. isurfthenet

    isurfthenet Registered Member

    Joined:
    Mar 15, 2010
    Messages:
    87
    Likes Received:
    23
    I had a similar experience some time back and I was able to resolve many of the issues using the plugin below. You can set it to scan your whole system and even compare to original wordpress files. As many mentioned on this thread, you should check for any recent changes via FTP as well, however, this plugin will find many of those and let you remove/resolve.

    https://wordpress.org/plugins/wordfence/
     
  14. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    6,284
    Likes Received:
    4,795
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    In a word; NO

    There are some devious scum on all forums, who are happy to appear to be the good guys by sharing nulled themes / plugins etc but have actually supplied you with a free of charge Trojan or backdoor exploit.

    These people are the lowest of the low, so it is best to buy legit themes and plug ins.
     
  15. PHPInjected

    PHPInjected Elite Member

    Joined:
    Apr 25, 2014
    Messages:
    2,144
    Likes Received:
    1,873
    Occupation:
    100% Unique Content Writer
    Location:
    Overriding Methods
    Home Page:
    A virus total and/or other users posting about it. It's easy to find an exploit or a file that shouldn't be there or even a line of code that shouldn't be there.